<div dir="ltr">Hi All,<div><br></div><div><span style="font-size:12.8px">Please help me in understanding below scenario ???</span><br></div><div><span style="font-size:12.8px"><br></span></div><div><span style="color:rgb(51,51,51);font-family:Consolas,'Liberation Mono',Menlo,Courier,monospace;font-size:12px;line-height:20px;white-space:pre">OS::Neutron resources have tenant_id as parameter, so </span>the default authorization settings in keystone will allow administrative users to create resources on behalf of a different project.</div>
<div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">I mean with </span>an admin token the network can be created in a specific customer/tenant context.</div><div><br></div><div>Why not the same is provided for <span style="color:rgb(85,85,85);font-size:1.1em;line-height:1.2em">OS::Nova::Server ??</span></div><div><span style="color:rgb(85,85,85);font-size:1.1em;line-height:1.2em"><br></span></div><div><span style="color:rgb(85,85,85);font-size:1.1em;line-height:1.2em">I had this requirement for auto-healing/scaling of a VM.</span></div><div><span style="color:rgb(85,85,85);font-size:1.1em;line-height:1.2em"><br></span></div>
<div><div style="font-size:12.8px">I am doing manual scaling based on inputs from monitoring framework instead of ceilometer alarms.</div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px">I launched my heat stack in a tenant using python-api bindings:</div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px"><p>>>> tenant_id = 'Tenant-A'</p><p>>>> heat_url = '<a href="http://heat.example.org:8004/v1/%s" target="_blank">http://heat.example.org:8004/v1/%s</a>' % tenant_id</p><p>>>> auth_token = 'user-A-in-Tenant-A auth-token'</p><p>>>> from heatclient.client import Client<br></p><p>>>> heat = Client('1', endpoint=heat_url, token=auth_token)</p><p><br></p><p><span style="font-size:12.8px">If I need to scale VM's belonging to this tenant, can I use tenant_id = 'Tenant-A' and auth_token corresponding to admin Tenant who has role access in Tenant-A.</span><br></p><p><span style="font-size:12.8px">[I am getting an error like User of admin tenant is </span><span style="font-size:12.8px">is unauthorized for tenant-A ]</span></p>
<p>Because through monitoring framework, I can have admin details and no tenant context ??</p><p>Is it suggestible to store <span style="font-size:12.8px">user-credentials of Tenant-A</span><span style="font-size:12.8px"> and re-generate auth-token and work ??</span></p><p><span style="font-size:12.8px"><br></span></p><p><span style="font-size:12.8px">Thanks</span><br></p></div></div><div><span style="font-size:12.8px">Eswar</span></div></div>